The ZuoRAT Trojan horse has revealed a security time bomb. SOHO routers quietly monitor network traffic

Soitron, 19 August 2022. Author: Natalia Jurakova. Link: https://new.soitron.com/cs/trojsky-kun-odhalil-casovanou-bezpecnostni-bombu/

For almost two years a serious security risk remained hidden from IT experts: malware that lets attackers take control of a local network and gain access to the connected systems, such as computers and other devices. The attack is carried out by a previously unseen Trojan horse and targets "home" routers in Europe and North America. It then gives the attacker control of connected devices running Windows, Mac OS and Linux.

The newly discovered ZuoRAT Trojan horse has been used unnoticed since 2020, targeting routers located in small and home offices (SOHO, Small Office/Home Office). "It is no coincidence that the first identified deployments of ZuoRAT date back to the very beginning of the Covid-19 pandemic. Its outbreak triggered a chaotic shift to remote work and a drastic increase in the number of SOHO routers that employees use to access corporate infrastructure from home," explains Martin Lohnert, cybersecurity specialist at the technology company Soitron.

Do you have a router? And may I see it?

The threat affects a whole range of widely used routers, mainly from Asus, Cisco, DrayTek and Netgear. The sad truth is that almost all SOHO routers are only rarely monitored and maintained, which makes them one of the weakest points in the network perimeter. That is why they can serve very well for collecting data or compromising devices connected to the network.

"An ordinary user, after buying a router, performs its basic configuration, or has their IT technician do it, and starts using it. Unfortunately, it rarely happens that they ever check it afterwards or update its firmware. And precisely this approach represents a potentially large risk," explains Martin Lohnert.

The sudden shift to remote work allowed sophisticated attackers to seize this opportunity and bypass the traditional IT defences of many well-established organizations. Once a router (usually one with no protection configured against known security flaws) is infected via a script, the ZuoRAT malware is easily deployed. It can then compromise devices connected to the network and install further malicious software, on Windows as well as Mac OS and Linux.

The goal of ZuoRAT and how to protect yourself

A ZuoRAT attack begins by determining whether the router still contains known, as yet unpatched flaws. Successful infection of the router is followed by activation and discovery of which devices are connected to the router. The attacker can then use DNS and HTTP hijacking to make the connected devices install further malware. Also included is a function for collecting data over TCP on ports 21 and 8443, which are used for FTP connections and web browsing, potentially allowing the adversary to monitor the internet activity of users behind the compromised router.

The attack is conducted very professionally. "Great effort was made to keep ZuoRAT undetected. Moreover, the attack infrastructure was especially highly sophisticated. Although the number of identified ZuoRAT infections is not staggering so far, nobody can be sure that their home router is not affected too. It is literally a security time bomb that can start doing damage at any time," emphasizes Martin Lohnert.

From a home user's point of view, protection against this kind of attack consists mainly of regularly updating router firmware and watching for suspicious behaviour on the home network. Companies should also realize that IT components outside the organization's infrastructure cannot be trusted; they should assume these components are potentially dangerous. After all, the devices are not under the company's control, so they should always be treated as untrusted.